In reaction to last night's travesty on American Idol, I now swear to you that by day's end I will have posted a message about my April conference notes. I have hunkered down and worked diligently on typing my notes--and translating my hand-scrawled gibberish. The wretched AmIdol results led me to this confinement: I am eschewing contact with the public today in hopes of snubbing those who cast votes for Danny. You Gokeyites who read my blog are henceforth required to either a) pay me money for the pleasure or b) promise you'll vote 30 million times for Adam next week.
In the mean time, I hope you've heard that (cut and pasted from FINRA's e-mail, emphasis added):
"FTC Delays Enforcement of FACT Act Red Flags Rule Until August 1
The Federal Trade Commission (FTC) has delayed until August 1 its enforcement of the new Red Flags Rule, which requires most broker-dealers to have in place a written program to identify, detect and respond to patterns, practices or specific activities that could indicate identity theft ("red flags"). In addition, the FTC will soon release a template to help entities with a low risk of identity theft to comply with the rule. Enforcement of the Red Flags Rule, which implements a section of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act), was previously scheduled to begin on May 1."
God Bless the FTC. (I give all the credit to Obama.)
Be back soon.
Showing posts with label The FACT Act. Show all posts
Showing posts with label The FACT Act. Show all posts
Thursday, May 7, 2009
Friday, November 28, 2008
Update on FACT Act
First, let me share my appreciation for FINRA's effort to explain the applicability of the FACT Act's Red Flag and other rules to member firms. The folks in OGC said they were working on it, and they did. Here's the link to Notice 08-69: http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p117448.pdf
Now, let me express my dismay at the extreme lack of distinct clarity on this topic--not necessarily from FINRA, but embedded in the Act's definitions. Your firm may be subject to the regulation, or not--just read and re-read the definitions of 'financial institution,' 'transaction account, 'creditor' and 'covered account.' It's a little like solving a Rubik's cube. If all like colors end up on the same side, then yes, your firm has to implement Red Flag Rules under the Fact Act. But good luck getting there.
In reading the definitions provided in FINRA's notice, my first reaction is, "If they wanted broker-dealers to be covered, why didn't they just say so?" For instance, the term“financial institution” is specifically defined as “a State or National bank, a State or Federal savings and loan association, a mutual savings bank, a State or Federal credit union, or any other person that, directly or indirectly, holds a transaction account . . . belonging to a consumer.” And a “transaction account” is specifically defined as “a deposit or account on which the depositor or account holder is permitted to make withdrawals by negotiable or transferable instrument, payment orders of withdrawal, telephone transfers, or other similar items for the purpose of making payments or transfers to third persons or others. Such term includes demand deposits, negotiable order of withdrawal accounts, savings deposits subject to automatic transfers, and share draft accounts.” See what I mean? If they wanted B-D's to be subject to the regs, why not just include "SEC registered broker-dealers" or "brokerage accounts" or some such other simple identifiers in the definitions? That would have made it real easy... but instead, these definitions overtly exclude the whole subject of brokerage accounts and broker-dealers. And then your favorite SRO puts the onus on firms to twist and retwist the cube in order to solve the puzzle by themselves. Frankly, for most of the 5100 registered B-D's, I think this is like trying to force a square cube through a round hole: I don't think these rules should apply.
Also, while I'm ranting, this whole thing is crazy!! B-D's already have CIP rules to follow. And remember that AML rules are not just about preventing money laundering. We all know that most AML-triggered investigations end up focusing on fraud, including mail fraud and credit/debit card fraud. So firms are already obligated to attempt to identify and report fraud....why do they have to now be subject to seemingly duplicative rules? And at what cost? ...read the Notice... do you really have time to create a "Written Identity Theft Prevention Program"? One that will confuse your already confused Reps about the account opening process? This reminds me of redundant local ordinances--instead of having one rule that requires safe and responsible behavior on sidewalks, they have in place six different rules, pertaining to different possible ways to conduct unsafe and irresponsible behavior on sidewalks: skateboarding, bicycling, rollerblading, dog walking, etc.... get my point? I guess I just feel sorry for firms whose business has nothing at all to do with credit cards, withdrawals, payment transfers, etc. To think that they will have to adopt lengthy and complicated procedures on top of what they already have in place (which are already hardly deemed necessary and applicable): what a waste of resources.
But who am I ranting at, here? The Federal Trade Commission? That's a big target for a little person like me. And I don't want to trash FINRA--they did something cool by addressing the subject. I guess I would like if FINRA would go a bit farther out on the limb by actually giving its opinion on how application way firms, M&A/PP shops, and introducing firms who do not actually extend margin to clients fit into this definitional puzzle. I know they state up front that they're not the rulemakers or interpreters on this subject, but c'mon, since they go on to say that NOT complying would be a violation of just and equitable principles of trade, can't they show a little more mercy?
Another topic within this one: check out Part C of the Notice. It's about policies you have to have in place re: use of consumer reports. If your firm requests a consumer report about a new or existing customer and receives a notice of address discrepancy from a CRA, you'll have to be able to form a reasonable belief that the consumer report actually relates to the customer in question. FINRA did a nice job of laying out these responsibilities. I'm assuming the effective date of these requirements is the same delayed date as for Red Flag Rules: May 1, 2009 (although I could be wrong.)
Lastly, FINRA mentions in the Notice that FTC has indicated a willingness to work with them to "resolve on a consistent and industry-wide basis, interpretive questions that arise under these rules as applied to broker-dealers. " I love that! My advice to you and all your B-D friends: call OGC at (202)728-8071 to ask about this. Perhaps that kind of dialogue will result in 'interpretive challenges' being met head on with concrete directives from FINRA. Then you can throw that darned Rubik's cube out the window. Puzzle solved.
Now, let me express my dismay at the extreme lack of distinct clarity on this topic--not necessarily from FINRA, but embedded in the Act's definitions. Your firm may be subject to the regulation, or not--just read and re-read the definitions of 'financial institution,' 'transaction account, 'creditor' and 'covered account.' It's a little like solving a Rubik's cube. If all like colors end up on the same side, then yes, your firm has to implement Red Flag Rules under the Fact Act. But good luck getting there.
In reading the definitions provided in FINRA's notice, my first reaction is, "If they wanted broker-dealers to be covered, why didn't they just say so?" For instance, the term“financial institution” is specifically defined as “a State or National bank, a State or Federal savings and loan association, a mutual savings bank, a State or Federal credit union, or any other person that, directly or indirectly, holds a transaction account . . . belonging to a consumer.” And a “transaction account” is specifically defined as “a deposit or account on which the depositor or account holder is permitted to make withdrawals by negotiable or transferable instrument, payment orders of withdrawal, telephone transfers, or other similar items for the purpose of making payments or transfers to third persons or others. Such term includes demand deposits, negotiable order of withdrawal accounts, savings deposits subject to automatic transfers, and share draft accounts.” See what I mean? If they wanted B-D's to be subject to the regs, why not just include "SEC registered broker-dealers" or "brokerage accounts" or some such other simple identifiers in the definitions? That would have made it real easy... but instead, these definitions overtly exclude the whole subject of brokerage accounts and broker-dealers. And then your favorite SRO puts the onus on firms to twist and retwist the cube in order to solve the puzzle by themselves. Frankly, for most of the 5100 registered B-D's, I think this is like trying to force a square cube through a round hole: I don't think these rules should apply.
Also, while I'm ranting, this whole thing is crazy!! B-D's already have CIP rules to follow. And remember that AML rules are not just about preventing money laundering. We all know that most AML-triggered investigations end up focusing on fraud, including mail fraud and credit/debit card fraud. So firms are already obligated to attempt to identify and report fraud....why do they have to now be subject to seemingly duplicative rules? And at what cost? ...read the Notice... do you really have time to create a "Written Identity Theft Prevention Program"? One that will confuse your already confused Reps about the account opening process? This reminds me of redundant local ordinances--instead of having one rule that requires safe and responsible behavior on sidewalks, they have in place six different rules, pertaining to different possible ways to conduct unsafe and irresponsible behavior on sidewalks: skateboarding, bicycling, rollerblading, dog walking, etc.... get my point? I guess I just feel sorry for firms whose business has nothing at all to do with credit cards, withdrawals, payment transfers, etc. To think that they will have to adopt lengthy and complicated procedures on top of what they already have in place (which are already hardly deemed necessary and applicable): what a waste of resources.
But who am I ranting at, here? The Federal Trade Commission? That's a big target for a little person like me. And I don't want to trash FINRA--they did something cool by addressing the subject. I guess I would like if FINRA would go a bit farther out on the limb by actually giving its opinion on how application way firms, M&A/PP shops, and introducing firms who do not actually extend margin to clients fit into this definitional puzzle. I know they state up front that they're not the rulemakers or interpreters on this subject, but c'mon, since they go on to say that NOT complying would be a violation of just and equitable principles of trade, can't they show a little more mercy?
Another topic within this one: check out Part C of the Notice. It's about policies you have to have in place re: use of consumer reports. If your firm requests a consumer report about a new or existing customer and receives a notice of address discrepancy from a CRA, you'll have to be able to form a reasonable belief that the consumer report actually relates to the customer in question. FINRA did a nice job of laying out these responsibilities. I'm assuming the effective date of these requirements is the same delayed date as for Red Flag Rules: May 1, 2009 (although I could be wrong.)
Lastly, FINRA mentions in the Notice that FTC has indicated a willingness to work with them to "resolve on a consistent and industry-wide basis, interpretive questions that arise under these rules as applied to broker-dealers. " I love that! My advice to you and all your B-D friends: call OGC at (202)728-8071 to ask about this. Perhaps that kind of dialogue will result in 'interpretive challenges' being met head on with concrete directives from FINRA. Then you can throw that darned Rubik's cube out the window. Puzzle solved.
Wednesday, October 15, 2008
FACT Act for BD's? Maybe.
A very helpful member of FINRA's Office of General Counsel looked into the whole FACT Act/ID Theft/Red Flags Rules subject. A big shout out to that person--thanks again!
I had asked him about 2 weeks ago about how these new rules might apply to registered B-D’s. He let me know that it is, specifically, FTC Rule 681, implemented under the FACT Act, that may apply. This rule goes into effect November 1. I guess FINRA is considering publishing either a reminder or guidance on the topic. Since it’s not an SEC Rule, SEC won’t be enforcing this; whether or not FINRA adds it to their examination protocols, we won’t know yet. A parallel example of FINRA enforcing an FTC rule is in the area of telemarketing restrictions. As you know, FINRA/NASD ‘adopted’ them and enforces cold calling rules.
Here is the link to the Federal Register announcing the FTC’s (and other agencies’) implementation of the FACT Act: http://frwebgate1.access.gpo.gov/cgi-bin/PDFgate.cgi?WAISdocID=080421251418+19+1+0&WAISaction=retrieve.
The operative terms within the rule are “financial institution,” “creditor” and “covered account.” I have a sense that M&A/private placement firms and straight up check & app firms (no brokerage accounts) will be able to exempt themselves; OGC seems to think introducing firms whose clients have brokerage accounts will not be exempt. But let’s wait and see…my opinion is, it’s only fair that FINRA provide some help on this complicated subject. Because let's face it: your compliance staff is working hard these days on many other issues. They're not pro-actively reading the Federal Register on weekends in an attempt to find new, unannounced rules to follow. (If they are, give them a raise or ask them to call me for a job.)
So be on the lookout for something from FINRA. In the mean time, think about clicking that link above and searching "681." You'll be way ahead of the game. (Unlike the Sox.) (Go Sox.)
I had asked him about 2 weeks ago about how these new rules might apply to registered B-D’s. He let me know that it is, specifically, FTC Rule 681, implemented under the FACT Act, that may apply. This rule goes into effect November 1. I guess FINRA is considering publishing either a reminder or guidance on the topic. Since it’s not an SEC Rule, SEC won’t be enforcing this; whether or not FINRA adds it to their examination protocols, we won’t know yet. A parallel example of FINRA enforcing an FTC rule is in the area of telemarketing restrictions. As you know, FINRA/NASD ‘adopted’ them and enforces cold calling rules.
Here is the link to the Federal Register announcing the FTC’s (and other agencies’) implementation of the FACT Act: http://frwebgate1.access.gpo.gov/cgi-bin/PDFgate.cgi?WAISdocID=080421251418+19+1+0&WAISaction=retrieve.
The operative terms within the rule are “financial institution,” “creditor” and “covered account.” I have a sense that M&A/private placement firms and straight up check & app firms (no brokerage accounts) will be able to exempt themselves; OGC seems to think introducing firms whose clients have brokerage accounts will not be exempt. But let’s wait and see…my opinion is, it’s only fair that FINRA provide some help on this complicated subject. Because let's face it: your compliance staff is working hard these days on many other issues. They're not pro-actively reading the Federal Register on weekends in an attempt to find new, unannounced rules to follow. (If they are, give them a raise or ask them to call me for a job.)
So be on the lookout for something from FINRA. In the mean time, think about clicking that link above and searching "681." You'll be way ahead of the game. (Unlike the Sox.) (Go Sox.)
Friday, October 3, 2008
Fact-ish: The FACT Act and Reg. S-P Amendments
I'm writing this to let you know I'm looking into something--that is, this is preliminary and I'll follow up later. So, put this information in the category of 'truthiness.'
I saw on FINRA's weekly e-mail the announcement of its online workshop on the subject of customer data protection issues (see: http://www.finra.org/Industry/Education/OnlineLearning/OnlineWorkshops/P117068 ). Within the workshop description the “new FACT Act” is mentioned.
This mention made me look into the FACT Act; I'd certainly seen references to new 'ID theft' compliance in other documents and online sources, but I was not familiar with the Act, nor its applicability to broker-dealers. Sometimes I'm lazy (no, not lazy: overworked!), and I rely on FINRA's Notices to announce important new requirements that will effect my clients.
Note that the FACT Act was referenced in NtM 05-49, but only in the footnotes and in reference to preventing identity theft by destruction of consumer reports.
The FACT Act is a banking regulation: the Fair and Accurate Credit Transactions Act of 2003. Financial institutions, under the Act, have a mandatory deadline of November 1, 2008, to comply with three new parts, called the Red Flag Rules (in sections 114 and 315 of the Act). New requirements include:
But, within the Act, “account” and "transaction" as defined may include certain types of brokerage accounts that allow for check writing, debit transactions,etc., that would then throw the requirements into a BD's realm. Since you, the small BD offering mutual fund investments on an application way basis, doing private placements or hedge funds offerings, or running an institutional trade desk, do not allow check writing on customer accounts, this stuff seems inapplicable and worthy of ignoring.
But.... why the mention in the online workshop announcement? The mention, itself, is a red flag for me: ooh-oh, is this something I missed? Maybe the workshop will confirm just what I surmise: the FACT Act doesn't apply to you; no worries. I would have liked it better had FINRA released guidance first, though, so that the message was way more broadly-distributed (most firms don't listen to the online workshops). I've asked FINRA if guidance is forthcoming. I'll keep you posted.
We're not done yet.
Reg. S-P is subject to pending amendments that cross reference the FACT Act. So, this may be a good thing for you or a bad thing. That is, if S-P will definitively require all BD’s to comply with the red flag rules under the Fact Act, then you'll have to waste time building procedures or justifications for not having procedures to comply. Perhaps the amendments--and FINRA's expectations of compliance—will be nuanced, such that you won't have to waste time on this. We will see.
Now remember, my knowledge base is minimal on this subject. No facts expressed here, only factish information. My goal is let you know that you don't have to react with alarm if you hear about firms complying with the Fact Act. Most likely it does not concern you. But stay tuned, because the Reg. S-P changes might.
If only politics were this straightforward. ... oh wait, they are.
I saw on FINRA's weekly e-mail the announcement of its online workshop on the subject of customer data protection issues (see: http://www.finra.org/Industry/Education/OnlineLearning/OnlineWorkshops/P117068 ). Within the workshop description the “new FACT Act” is mentioned.
This mention made me look into the FACT Act; I'd certainly seen references to new 'ID theft' compliance in other documents and online sources, but I was not familiar with the Act, nor its applicability to broker-dealers. Sometimes I'm lazy (no, not lazy: overworked!), and I rely on FINRA's Notices to announce important new requirements that will effect my clients.
Note that the FACT Act was referenced in NtM 05-49, but only in the footnotes and in reference to preventing identity theft by destruction of consumer reports.
The FACT Act is a banking regulation: the Fair and Accurate Credit Transactions Act of 2003. Financial institutions, under the Act, have a mandatory deadline of November 1, 2008, to comply with three new parts, called the Red Flag Rules (in sections 114 and 315 of the Act). New requirements include:
- Creating an identity theft prevention program
- Implementing change of address safeguards when issuing credit/debit cards
- Verifying identity upon notice of address discrepancy from a consumer reporting agency
334.90 Duties regarding the detection, prevention, and mitigation of
identity theft.
(a) Purpose and scope. This section implements section 114 of the Fair and Accurate Credit Transactions Act, 15 U.S.C. 1681m, which amends section 615 of the Fair Credit Reporting Act (FCRA). It applies to financial institutions and creditors that are insured state nonmember banks, insured state licensed branches of foreign banks, or subsidiaries of such entities (except brokers, dealers, persons providing insurance, investment companies, and investment advisers).
But, within the Act, “account” and "transaction" as defined may include certain types of brokerage accounts that allow for check writing, debit transactions,etc., that would then throw the requirements into a BD's realm. Since you, the small BD offering mutual fund investments on an application way basis, doing private placements or hedge funds offerings, or running an institutional trade desk, do not allow check writing on customer accounts, this stuff seems inapplicable and worthy of ignoring.
But.... why the mention in the online workshop announcement? The mention, itself, is a red flag for me: ooh-oh, is this something I missed? Maybe the workshop will confirm just what I surmise: the FACT Act doesn't apply to you; no worries. I would have liked it better had FINRA released guidance first, though, so that the message was way more broadly-distributed (most firms don't listen to the online workshops). I've asked FINRA if guidance is forthcoming. I'll keep you posted.
We're not done yet.
Reg. S-P is subject to pending amendments that cross reference the FACT Act. So, this may be a good thing for you or a bad thing. That is, if S-P will definitively require all BD’s to comply with the red flag rules under the Fact Act, then you'll have to waste time building procedures or justifications for not having procedures to comply. Perhaps the amendments--and FINRA's expectations of compliance—will be nuanced, such that you won't have to waste time on this. We will see.
Now remember, my knowledge base is minimal on this subject. No facts expressed here, only factish information. My goal is let you know that you don't have to react with alarm if you hear about firms complying with the Fact Act. Most likely it does not concern you. But stay tuned, because the Reg. S-P changes might.
If only politics were this straightforward. ... oh wait, they are.
Subscribe to:
Posts (Atom)
